USA: Elara Caring announces data breach affecting 100,487 patients
Elara Caring announced, on 24 February 2021, a data breach affecting 100,487 of its patients, of which the U.S. Department of Health & Human Services Office for Civil Rights ('OCR') is investigating. In particular, Elara Caring stated that they had learned of unauthorised access to a limited number of corporate email accounts in mid-December 2020. Upon discovery, Elara Caring launched an investigation, notified law enforcement, and undertook a company wide password reset on all emails. Moreover, Elara Caring outlined that the impacted information may have included individual's names and address, Social Security numbers, driver's licence number, employer ID number, financial or bank account information, date of birth, email address and password, insurance information and insurance account number, and passport number. Lastly, Elara Caring highlighted that letters were mailed to impacted individuals and appropriate regulatory agencies.